The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.

=== BACKGROUND of PGP ===

Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ]
=== THE STEPS ===

– Step One –

Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}

When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:

Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!

First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:

You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:

After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:

Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:

– Step 2 – Find Your Key –

Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.

When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.

— HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS —

You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.

First make a blank text file and copy the users pubic key to it. Shown here:

Then, in the Keys menu where you made your key, select import keys. Shown here:

Select the Text file you saved with the public key in it. Shown here:

Then you should get this if the key was successfully imported:

Now, lets send an encrypted message.

First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:

Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here

When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:

After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:

This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:

That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.

To decrypt a message, you need the other person’s public key. This can usually be found on their profile of whatever website or super secret message board you’re a part of.

To lay it out simple.

To encrypt:
1) type message
2) encrypt it using an imported public key of the person you are sending to
3) SIGN IT (makes it secure) with your private key
4) you can never decrypt it, only the person whose public key you encrypted it with can decrypt it
———–
To decrypt:
1) paste encrypted message and encrypted signature
2) select their public key as well as your private key
3) view the message

Not true. When you go to encrypt the message and select the person who will receive it, ALSO select to encrypt it to yourself. This way the message will be encrypted so the other person can read it AND you can, in case you want to decrypt it afterward to double check your message.

hello … first of all a nice tutorial, congratulations. I wanted to ask a question.

– I followed perfectly the tutorial, I created a second true e-mail on ‘outlook’ the same that I have sent you here. Then, after the back-up of the keyword on the desktop and on the usb , file is not me marks on the desktop or usb , that is, I can not see the key to the desktop, because it does not come out of it, but on gpa, finds files, strange. How so?

it was happening the same shit to me. just copy the URL where the document have been saved (on the GPA program at the backup option) and paste it on the URL space in a random window. you will find it then and backup properly.
Namaste

Probably because when you’re looking for the file, your computer settings aren’t set to show .asc files since they aren’t very common. When you’re browsing your computer files, set the file type to “All Files” and see if this makes it show.
The pgp program automatically looks for .asc files to import so you’ll always be able to see the file when using the program.

when you nack up the key and it doesnt come out where you try to back it up try backing it up again in the same place then you will get a msg saying there is a copy of it already and where is at. i was having the same problem but when i did it again it gave me where it was saving it at turn out it was in appdata no on desktop where i was saving it hope this help

You have to send them your public key so they can read the message and also write back to you. Unless you’re using a site where you’ve already pasted your public key in your profile for anyone to use, in which case they can find it themselves

So all is well, I found the asc. file opened it with notepad. It had both the public & private keys so I copy & pasted it into my profile page for all to see. I went from dash to dash. I entered my password, filled out the caption, hit submit and I get an error that says it is an invalid PGP key. What am I missing?

Sorry guys, can anyone help or advise on how I upload it onto dream market as I am becoming a vendor.
when I copy and paste on to the pgp key section it puts spaces between each line. when I try to delete the spaces it still does not accept the key.

you must encrypt to yourself to decrypt what you’ve just written. if you encrypt to receiver then only they can decrypt. Just saying :)
Sounds like you are copying and pasting a little bit of extra crap in the message, or more likely missing a little bit.
You could also try signing and verifying the message after you encrypt it but before you try decrypting it, you will see Sign and Verify both just above where you are writing; when you click verify (after clicking Sign) make sure its your name there and it says Valid.
If none of this works just watch pornhub for an hour and relax in a gentlemans way

I understood, but do you guys have any idea how can I use this pgp4usb in the Outlook as a plugin to encrypt/decrypt e-mails easily? As I searched, I couldn’t find any solution to make it as friendly as Kleopatra(pgp4win).

gpg4win is known to create broken or flawed keys, I can’t believe this is been recommended. Have a look at the security thread on SR2 forums Nightcrawler explains it better than I ever could. It also doesn’t use encrypted sub keys. GPG4USB is a much better and as easy to use system

Open it with note pad or a text editor to see the key for copy/paste bavk ups but a .asc file would be better to use as a back up, its what the client will be looking for.
Go to Key Management the import key and it will import a .asc file but it might have problems with a text file and some GPG clients don’t have an editor to paste and import the key from.
Try GPG4USB, if you look in the forum theres a good post as to why you should use GPG4USB or WinPT(Windows privacy tray) they are what I use on windows and I use kgpg and GPG4USB on linux and APG, OpenKeyChain, GnuPG installed on my android phone, I can even encrypt txt messages to the guy I get my weed from.

But TAILS really should be use, it leaves no trace on your laptop what so ever. Its an amazing tool, I don’t go near Tor with out it and was nervous using it at first. But normal linux should be OK depending on what your doing. I use windows so TAILS then is a much better idea. I was watching a video not so long ago and all anyone needs is 10% of Tor’s exit nodes to listen to Tor and try figure out whats going on. It was a youtube video so if I’m wrong its probably that far off.

Thank you. I am new at PGP and this detail is left out of all the guides that I have read. I could not determine if I should encrypt my public PGP with the recipients public PGP, or if I should just send my public PGP to them unencrypted.

You want to use the receiving parties public key to encrypt the message you send. If you happen to put your own key in there then it will only be read by the person who can decrypt it with their private key.
NEVER EVER send your private key to anyone!!!

The public key is what you give to others so they use your public key to ENCRYPT messages for you. The private key is for you and for you ONLY and you will use it to DECRYPT messages that have been encrypted with your public key.
Messages that have been encrypted with a public key can only be decrypted with the private key related to exactly this public key.

So in short: Your public key is used by others to encrypt messages for you and your private key is used by you to decrypt messages for you.

Another usage for your private key is you can encrypt your message with it, so someone can decrypt it with your public key and know the message is really sent by you. That’s (cryptographic) electronic signature for you. It won’t stop anyone knowing your public key from reading your message so you may still want to encrypt it with the recipient’s public key.

Adding on to what someone said about “signing” your message before you encrypt it to someone… adding your signature is another step that proves the message is really from you. A lot of people prefer that all of the messages they receive be signed by the sender as an extra precaution, but it isn’t necessary. When moderators of darknet markets post messages to their site for users to see, they always sign it to prove that they are really the ones who wrote the message, and not a hacker or law enforcement. Since a hacker or LE–once they’ve hacked in–can easily post something pretending to be the owners of the site, they do not have access to the site owner’s private PGP key (& passphrase) and therefore cannot encrypt or sign anything.
Users on a darknet market should save the public keys of people that run the market, so that any time an announcement is posted, they can verify that it is really the same site owner that wrote the message. This is why vendors and moderators very rarely get new PGP keys because that can be seen as a red flag that it isn’t them. If their key does expire and they’re forced to make a new one, they will post the new public key for everyone and sign the message using their old key–showing you that they will be using a new public key from now on, and yes it is them saying that.

You don’t decrypt public keys. You decrypt messages. The public key is sort of like an email address. You give people your public key so they can send you encrypted messages.
If you want to encrypt a message for someone to read, you need their public key so the program knows who to encrypt it to.
(Reminder: Your private key is like a password–it is your secret key that decrypts messages that people send to you. Never give your private key to anyone. And never lose it or you won’t be able to encrypt/decrypt messages unless you get a new set of keys)

Great article, thanks. I made use of this immediately. One suggestion. You might want to fix the sentence directly above your 7th screenshot that makes reference to a PUBIC key. I got a chuckle out of that. Cheers!

Everytime I try to import a key it is telling me no key found but it is all there where i copied it and pasted it into a notepad and saved that. I have uninstalled and reinstalled the program and nothing. I just need to send 2 or 3 messages quick and need help thanks.

Gpa will not work for me, it doesn’t like my laptop.
The only one that works is ppgp, but when I enter my key into silkroad it says it is invalid.
Is there any way to use silk road without a pgp?
And if not is there an alternative?

I know this is an old post but for people reading this, you never want to post ANYTHING on a darknet site that you wouldn’t want law enforcement to read. They are always trying to break into these sites (for obvious reasons) and can spy on the site to track the data that is being transmitted from it. If you post something like your address without encrypting it, this data is right there for them to find. It isn’t a guarantee that they will get their hands on the site, but you are putting yourself in jeopardy leaving personal information on a website that can be used to convict you if they ever do gain access. Keep in mind, nothing on the internet is ever really deleted.

where do I find my public key to post on the pgp program mentioned, I cant seem to figure it out. I followed the whole encryption decryption thing but i cant find my public key like ones posted on vendor sites

click on the key in your PGP client to pick witch one you want, then right click and go to properties, you should get a prompt to export your public key or paste to clip board, you can copy it straight from your clip board.
Try GPG4USB(GPG is a open source/GNU PGP) its much easier to use and more secure, there are threads on silkroad that warn people not to use PGP4Win and its written by people with a lot more experience than me, pgp4win is also closed source American company so most likely has a back door GPG4USB is German and open source so people can check to make sure theres no backdoor.
I’ve no idea why this is being used as a guide for new users, its a bad idea to use American closed source products for security against mostly US LE

I’m still uncertain of how to add a message once I encrypt a key. I did everything the guide says. I’m trying to send my physical home address to someone, but I need to encrypt it first. (Which I just did thanks to this guide) Where do I actually type in my address? I’ve already pasted their PGP in the GPA and encrypted it. But where do I go from here?

You don’t encrypt their key. You USE their key to encrypt your MESSAGE. Type your message (in this case, your address, plus anything else you want to say to the vendor) in the program’s clipboard. Then encrypt it and select THEIR KEY to encrypt it to. The result is an encrypted message that only THEY will be able to decrypt. Now copy and paste that encrypted message into your order and send it to them. If you haven’t pasted your PUBLIC key into your profile on the site yet, then copy and paste it in a separate message to them so they can send messages back to you.

Sir.I am new on PGP . Whem I try to import the someone’s public key My Kleoptara accept only .asc or .pgp file but someone send me his public key and when i copy and paste this key on note pad or word paid and press ctrl+s then file saves in txt format ,It do’nt show the option to save in .asc or .pgp file what should i do?

I’m sorry but where do I actually type in the message I want to send? Not my key or their key, but that actual message (My home physical address) The site I’m on is requesting I encrypt it before I give it to place an order. I’ve followed all the steps so far.

cant we just use hushmail this is sum super dupper fbi shit it guna take me yearscto learn this im dyslexic also this is why i loved topix as silk road gonecfor good now then just agora and atlantis left ioo givevthis actry ohhh csn this be done on samsung tablet

Hushmail? Sure, go ahead and use Hushmail if you want to end up in jail. In 2007, the DEA, in “Operation Raw Deal” got 100,000 DECRYPTED emails from Hushmail. There were quite a few busts from this operation.

A few years later, in 2010, Hushmail was forced to turn over the decrypted emails belonging to the people running The Farmer’s Market. They were all busted as well.

Maybe you shouldn’t be using the darknet at all.
Using ANY email service that encrypts or decrypts messages for you is taking a risk. As long as the email service holds the keys to the encryption, you’re not fully in control.
As far as I know, ProtonMail is the only secure email service that relies on users to encrypt and decrypt emails before sending/after receiving, and doesn’t hold any keys for law enforcement agencies to try and steal or take by force.

Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
Ugh i must be dumb not having much luck with this tutorial

Just a few questions that are troubling me. Where do I see or find my private key? Do I actually need to type it in to decrypt messages or just press the button. Also how do I know what level of encryption my key is, I dont remember what I chose when generating key. I heard 4096 bits is better than 2048. Also how to I encrypt my computer to make things safer? I am using GPA but also have kleopatra installed.
Here is my public key. Thanks a lot in advance.

This isn’t an email program. It’s an encryption program. You use it to encrypt messages. Then you can copy and paste the encrypted message into an email and send it to whoever you encrypted it to. Make sure they have your public key so they can encrypt messages back to you.

I was wondering if you could clarify something. In order to encrypt, there is the upper section called “GNU PRIVACY Assistant – Encrpyt Documents. It has the list of yours and any imported persons public keys.

The lower section has a box “sign” that can be selected and the lower list only includes your own name but not imported names of others public keys only.

What is sign?

If I’m encrypting to send to someone imported, do I select them in the upper list/box and then select sign and pick my name as the sender?

When they tell you to use a specific key, they are giving you their public key. You need it in order to encrypt a message so that only they can read it. You need to import their public key into the program, which adds it to your contact list. Type your address in the clipboard and encrypt it to their key. Send them the encrypted message.

hi denise,
Decrypting a pgp message requires that you are in possession of the corresponding private key. If not, there is only left the possibility of bruteforcing the key, which is only realistic with not too long, weak passwords.
If that is what you intend, I can give it a try. Write a pm or an email or use my i2p-bote-adress [yes, it is that long]:

This is not a good tutorial, sorry. Why would you send yourself an email?!? Why couldn’t you show, in full, how to send someone else an email? Do we have to exchange our public keys first? Whose email do I select in the top window? Etc.

Thanks..Why come while I am using the TOR Browser and also PaidCyberGhost vpn I CAN NOT send the persons key? It always sits there about a min. then says error: server cannot read key. So, I have to click off CyberGhost before I get a server that will let me send this persons key in. There must be some other way to do this without having to shut off Cyberghost every time you want to send in a persons key. Can you tell me what I need to set and where. I believe it is a cyberghost problem and not a Tor problem but I could be wrong. Maybe I need to set TOR up differently. Thanks for any help….

When using gyberghost and Tor browser and gpa4win it will not let me send the persons key in to the server. I have to disconnect from cyberghost to send the persons key in every time. What causes this. What do I need to change setings in? Is it cyberghost or Tor setting i need to change? Thanks

i was helped by a hacker to check if my girl friend was cheating ,
i visited their website ihacc4u.com and her email and facebook where hacked in about 30 hours ,
i was indeed pleased ,
so you can check them out ,they can help you change your grades

Oh man bummer, I hope you were pleased about what you didn’t find on your girlfriend’s accounts rather than about the 30 hour hack.
This tutorial is stellar, comments are also helpful (mostly) so thank you all.
Also the first three comments are fkn hilarious.
Sorry, I have no useful contributions. If there is a category lower than noob I’m in it.

Had the same problem and i didnt exactly solve it, but i found a workaround somewhere. Here’s what i did. When i try to decrypt from clipboard(i’m using GPA, but it might be similar with everything else) it says ‘clipboard contained no valid encrypted data.’ So i put the encrypted message in a text editor and saved it and then right clicked on that file and opened it with GPA and it worked. It created a text document that i could read. It takes a few additional steps, but in the end i could read the message. Hope this helped. Now all of a sudden i cant import new public keys(i could before). I put the key into a text editor and save it, but when I want to import the key it just says no key found. I see that other people had the same problem, but none of the fixes above worked for me. If someone has an idea why this is happening it would be nice if he replied.

hey, i forgot my username on helix and tried making a new one with my existing public pgp key, sadly and naturally they said existing user with pgp public key.
Do i need to make a new key? How do i go about doing that ?

Hello. I downloaded the newest Pgp from 2016 and selected GPA and now I try to open it and keep getting the wizard window to install. I cannot get the window to open where I will set up my keys. Could someone please help me with this and tell me what I’m doing wrong? It would be very much appreciated. Thank you.

I am not exactly clear on this pgp4win being a messenger service or just an encryption service ?
In other words – can I receive encrypted messages through pgp4win or do I have to send it through my email address ?
And when I do send a message I must include
1 – my public key
2 – the encrypted message
3 – anything else ?

Hey I figured it out. Once your key is made you have to click on it and select export key. Save that wherever and open with notepad. When you open it you will see that it is only your public key there. Copy and paste that to the site. I just did, worked great.

I have been using pgp a while and only have recently started having this problem. I can not decrypt messages from anyone else. If I encrypt to myself I can decrypt it but from anyone else I get an error. “No secret key found”. I have used 2 different programs. Before all I had to do was copy the message then use my program and hit decrypt from clipboard. Really need help.

when I try to copy and paste my public key from the notepad it s displayed with gaps between every line of the block and isn’t valid. why is this happening and how do I fix it. I am doing exactly as described in your guide but getting a different result. why?

Here is a new one. When I try to the “open with” Windows (10) does nothing. It’s as if it’s stopping me from opening the file in notepad. I’ve already reboot and done all the basic stuff including creating a new key. Is there any other way around this?

For example, in the above tutorial, you have to manually select GPA, and with the other you don’t select it at all (not used). Kleopatra is installed in both, so I guess what I’m asking is why is there such a difference in the installation process/program parts? Obviously the tutorial in the link that I copy & pasted is more lengthy, so what am i missing? Thank you very much for anybody’s help in advance.

Do you mean instead PGP block encryption ? Because I’ve never heard about PGP wrecking.
Usualy PGP block is made with our name, or pseudo and mail adress, it is well describe in the tuto, step by step.
It all depends on why you need to create a PGP, could you tell us more ?
Thank you !

Hello,
Thank you very much for this very useful tutorial and easy to understand.
I managed to encrypt, sign and check my pseudo plus email address and get my PGP block encryption.
To decrypt it is not as simply, I decripted something but I’m not sure I did it right. Because I read in comments that we had to use the key of the other person (a site for me) with our private key to make our message readable for the site we sent PGP block (do you follow me here ? Ok !). I’ll try but am not sure I succeed…
In fact I want to create an account on SRoad and it is requested our PGP block plus a “key” (or link) for them to read our messages and save our orders.
Could you please help me to finalize my registration on this site ? Then, is it ok to have used my username with my email address to create this famous PGP block for my account registration ?
I thank you very much for your help.
Have a nice evening !
Temperence

Hi, would I be right to say that if you don’t put a valid email address in when creating the keys etc then you won’t receive any messages? So would I then be right to assume that you put your real email address in the encrypted message?
Many thanks for any replies.

Help me!!! I don’t understand sending a message. Everything was going smoothly when using tutorial until I got to the part about sending an encrypted msg. I didn’t understand how to choose the where to send it. Do I just use the email account that i am sending from and send it to myself for practice purposes? And I’m having a problem finding my secret key. I located my public key but not the secret one. I am soooo confused! Whaaa!

Hi. Please help me. I’ve read through this post but there seems no answer as to how to use on a android. I joined trade route n tried for ages to suss the PGP. In fact I was trying so long it ended up going down.
Any help would be much appreciated. Ta.

Thanks for the additional info. Also, after I made a backup key and a separate file to store it in, I navigated to that file to open it but the file was empty. I did this several times. Something I’m missing?

Someone please help i canot make a key. Long story short i download the newest version and during the install process it say choose components. it says make sure Kleo, gpa , gpgOL , gpgEX , and GPG4WIN compendium. first off i dont have a gpg4WIN compendium to click ( andther webste says make sure the same is checked off MINUS GPA so i have done it both ways. I have downloaded and uninstalled a million times trying to fix. Anyway i make a fake name and a fake addy and it says keys made. Then i go to save a copy of the key when i try to import it it says error user not found… What am i doing wrong ?? thanks so much

Please help!!!!!!! I FOLLOWED INSTRUCTIONS I received a Private key and I requested a backup and got another Private key no Public key this is time sensitive How do I get my public hey? PLEASE HELP AMBITIOUS NEWBEE….